summaryrefslogtreecommitdiffstats
path: root/redhat/tdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch
diff options
context:
space:
mode:
authorTimothy Pearson <[email protected]>2014-10-06 12:16:27 -0500
committerTimothy Pearson <[email protected]>2014-10-06 12:16:27 -0500
commitecd088049d4aa2e8262f4cc1e0ac45e135964229 (patch)
tree49ed22e9e7852fd3f26854aecf41c96169d59629 /redhat/tdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch
parent855439d3f99b0c152c33ae76a06cce9853f9b8dd (diff)
parent01a7863524342e1aec31679e55d08830cc571066 (diff)
downloadtde-packaging-ecd088049d4aa2e8262f4cc1e0ac45e135964229.tar.gz
tde-packaging-ecd088049d4aa2e8262f4cc1e0ac45e135964229.zip
Merge branch 'master' of http://scm.trinitydesktop.org/scm/git/tde-packaging
Diffstat (limited to 'redhat/tdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch')
-rw-r--r--redhat/tdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch157
1 files changed, 0 insertions, 157 deletions
diff --git a/redhat/tdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch b/redhat/tdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch
deleted file mode 100644
index 1660d03f2..000000000
--- a/redhat/tdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch
+++ /dev/null
@@ -1,157 +0,0 @@
-commit f05f9dc7532ea41c49b3e9385165d942dfab5d0e
-Author: Timothy Pearson <[email protected]>
-Date: 1327036924 -0600
-
- If someone manages to close down kdesktop_lock through an undiscovered security vulnerability such as http://security-tracker.debian.org/tracker/CVE-2012-0064, immediately terminate the compromised TDE session
-
-diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc
-index 6bd18f7..2588bbf 100644
---- a/kdesktop/lock/lockprocess.cc
-+++ b/kdesktop/lock/lockprocess.cc
-@@ -326,10 +326,8 @@ static int signal_pipe[2];
- static void sigterm_handler(int)
- {
- if (!trinity_desktop_lock_in_sec_dlg) {
-- char tmp = 'T';
-- if (::write( signal_pipe[1], &tmp, 1) == -1) {
-- // Error handler to shut up gcc warnings
-- }
-+ // Exit uncleanly
-+ exit(1);
- }
- }
-
-@@ -522,7 +520,7 @@ void LockProcess::setupSignals()
- sigaddset(&(act.sa_mask), SIGQUIT);
- act.sa_flags = 0;
- sigaction(SIGQUIT, &act, 0L);
-- // exit cleanly on SIGTERM
-+ // exit uncleanly on SIGTERM
- act.sa_handler= sigterm_handler;
- sigemptyset(&(act.sa_mask));
- sigaddset(&(act.sa_mask), SIGTERM);
-diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc
-index b957218..c5306e9 100644
---- a/kdesktop/lockeng.cc
-+++ b/kdesktop/lockeng.cc
-@@ -36,10 +36,11 @@ bool trinity_lockeng_sak_available = TRUE;
- // a newly started process.
- //
- SaverEngine::SaverEngine()
-- : KScreensaverIface(),
-- TQWidget(),
-+ : TQWidget(),
-+ KScreensaverIface(),
- mBlankOnly(false),
-- mSAKProcess(NULL)
-+ mSAKProcess(NULL),
-+ mTerminationRequested(false)
- {
- // Save X screensaver parameters
- XGetScreenSaver(qt_xdisplay(), &mXTimeout, &mXInterval,
-@@ -340,6 +341,7 @@ void SaverEngine::stopLockProcess()
- kdDebug(1204) << "SaverEngine: stopping lock" << endl;
- emitDCOPSignal("KDE_stop_screensaver()", TQByteArray());
-
-+ mTerminationRequested=true;
- mLockProcess.kill();
-
- if (mEnabled)
-@@ -357,7 +359,33 @@ void SaverEngine::stopLockProcess()
-
- void SaverEngine::lockProcessExited()
- {
-+printf("Lock process exited\n\r"); fflush(stdout);
-+ bool abnormalExit = false;
- kdDebug(1204) << "SaverEngine: lock exited" << endl;
-+ if (mLockProcess.normalExit() == false) {
-+ abnormalExit = true;
-+ }
-+ else {
-+ if (mLockProcess.exitStatus() != 0) {
-+ abnormalExit = true;
-+ }
-+ }
-+ if (mTerminationRequested == true) {
-+ abnormalExit = false;
-+ }
-+ if (abnormalExit == true) {
-+ // PROBABLE HACKING ATTEMPT DETECTED
-+ // Terminate the TDE session ASAP!
-+ // Values are explained at http://lists.kde.org/?l=kde-linux&m=115770988603387
-+ TQByteArray data;
-+ TQDataStream arg(data, IO_WriteOnly);
-+ arg << (int)0 << (int)0 << (int)2;
-+ if ( ! kapp->dcopClient()->send("ksmserver", "default", "logout(int,int,int)", data) ) {
-+ // Someone got to DCOP before we did
-+ // Try an emergency system logout
-+ system("logout");
-+ }
-+ }
- if (trinity_lockeng_sak_available == TRUE) {
- handleSecureDialog();
- }
-diff --git a/kdesktop/lockeng.h b/kdesktop/lockeng.h
-index b1e31bd..ae81f90 100644
---- a/kdesktop/lockeng.h
-+++ b/kdesktop/lockeng.h
-@@ -114,6 +114,7 @@ protected:
-
- private:
- KProcess* mSAKProcess;
-+ bool mTerminationRequested;
- };
-
- #endif
-commit 5f8d730703882e1335305a2c43a378f0c4b96e8e
-Author: Timothy Pearson <[email protected]>
-Date: 1327216641 -0600
-
- Fix desktop lock
-
-diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc
-index 2588bbf..5acc96e 100644
---- a/kdesktop/lock/lockprocess.cc
-+++ b/kdesktop/lock/lockprocess.cc
-@@ -630,6 +630,8 @@ void LockProcess::startSecureDialog()
- return;
- }
-
-+ setGeometry(0, 0, mRootWidth, mRootHeight);
-+
- int ret;
- SecureDlg inDlg( this );
- inDlg.setRetInt(&ret);
-diff --git a/kdesktop/lock/main.cc b/kdesktop/lock/main.cc
-index 2711c36..c0b8e24 100644
---- a/kdesktop/lock/main.cc
-+++ b/kdesktop/lock/main.cc
-@@ -181,14 +181,14 @@ int main( int argc, char **argv )
- rt = process.runSecureDialog();
- }
- else {
-- return 1;
-+ return 0;
- }
- }
- else {
- rt = process.defaultSave();
- }
- if (!rt) {
-- return 1;
-+ return 0;
- }
-
- if( sig )
-diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc
-index fb0f754..5307c5c 100644
---- a/kdesktop/lockeng.cc
-+++ b/kdesktop/lockeng.cc
-@@ -372,6 +372,7 @@ printf("Lock process exited\n\r"); fflush(stdout);
- }
- if (mTerminationRequested == true) {
- abnormalExit = false;
-+ mTerminationRequested = false;
- }
- if (abnormalExit == true) {
- // PROBABLE HACKING ATTEMPT DETECTED